Healthcare Internet of Things (IoT) devices provide various benefits, including automated alerts, remote monitoring, early diagnosis, lowered healthcare costs and quick access to patient information. However, IoT devices also present numerous security challenges for the healthcare industry. According to Cynerio’s State of Healthcare IoT Device Security 2022 report, more than half of connected IoT devices in a typical hospital have critical risks that attackers could exploit.
To help your organization safeguard its patients, data and networks, here are the top three security risks posed by unsecured healthcare IoT devices.
1. Data Loss
Unsecured, IoT-based healthcare devices are attractive targets for data thieves because the devices contain valuable protected health information (PHI). Stolen medical information sells for as much as $1,000 on the black market, compared to $1 for stolen social security numbers, according to credit rating agency Experian.
2. Network Attack
A vulnerable medical device opens an entire healthcare network to attack. Once attackers access the network, they can launch ransomware and distributed denial of service (DDoS) attacks. Ransomware is a significant threat to healthcare organizations because encrypting systems threatens lives, and stolen data can result in hefty regulatory fines. In a DDoS attack, hackers flood a company’s servers with traffic, bringing the system down, which can slow patient care or halt operations all together.
3. Device Malfunction
Hackers can also take control of vulnerable medical devices, alter their configurations or parameters, and turn them into deadly weapons. Researchers have shown how attackers can remotely access a Medtronic pacemaker and control shocks to patients.
Small changes in vital metrics collected by IoT medical devices can also have a considerable impact on patient care. Potentially fatal consequences can result from wrong medication dosage recommendations based on altered metrics.
Security Best Practices
While these risks pose a significant threat, there are some security best practices that organizations can implement to secure their healthcare IoT devices, including:
- IoT device inventory:Organizations should develop an inventory of all healthcare IoT devices. Some manufacturers offer inventory tools that detect IoT devices on the network without disrupting their functionality and identify which operating systems are running on the device.
- Effective authentication:Each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. In addition, staff access to medical devices should be controlled through multi-factor authentication to ensure that only authorized users can access them.
- Network segmentation:Unsegmented networks offer adversaries free rein to move laterally across critical data and resources if they gain access. Network segmentation makes it harder for attackers to traverse the network without authorization, so it makes a network and devices more secure.
- Security hygiene:Organizations should also follow security hygiene best practices for their IoT devices, such as eliminating hard-coded passwords. In addition, devices and software should be updated and patched regularly.
Looking to improve your organization’s healthcare IoT device security? MBL Technologies can help. We offer a wide array of cybersecurity services to help you identify weaknesses in your security posture and implement cost-effective, targeted solutions. Contact us today to get started.
